687 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53272
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: fix use-after-free on sbi-syncdecompress zerofsdecompresskickoff can race with filesystem unmount, causing a use-after-free on sbi-syncdecompress. When I...
SUSE CVE-2026-53272
In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi-syncdecompress zerofsdecompresskickoff can race with filesystem unmount, causing a use-after-free on sbi-syncdecompress. When I/O completes, zerofsendio calls zerofsdecompresskickoff to queue...
CVE-2026-53015
A flaw was found in the Linux kernel's erofs filesystem. On 32-bit platforms, the lcn variable, used for logical cluster numbers, was defined as a 32-bit integer. This could lead to truncation when calculating offsets larger than 4 Gigabytes GiB, potentially causing incorrect data handling within...
CVE-2026-53272
In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi-syncdecompress zerofsdecompresskickoff can race with filesystem unmount, causing a use-after-free on sbi-syncdecompress. When I/O completes, zerofsendio calls zerofsdecompresskickoff to queue...
UBUNTU-CVE-2026-53272
In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi-syncdecompress zerofsdecompresskickoff can race with filesystem unmount, causing a use-after-free on sbi-syncdecompress. When I/O completes, zerofsendio calls zerofsdecompresskickoff to queue...
CVE-2026-53272
The CVE-2026-53272 issue affects the Linux kernel’s erofs subsystem. A use-after-free on sbi->sync_decompress can occur when z_erofs_endio() queues z_erofs_decompressqueue_work() and, after folios are unlocked, the unmount path completes with sbi freed before sbi->sync_decompress is accesse...
CVE-2026-53272 erofs: fix use-after-free on sbi->sync_decompress
In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi-syncdecompress zerofsdecompresskickoff can race with filesystem unmount, causing a use-after-free on sbi-syncdecompress. When I/O completes, zerofsendio calls zerofsdecompresskickoff to queue...
CVE-2026-53272
In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi-syncdecompress zerofsdecompresskickoff can race with filesystem unmount, causing a use-after-free on sbi-syncdecompress. When I/O completes, zerofsendio calls zerofsdecompresskickoff to queue...
EUVD-2026-39223
In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi-syncdecompress zerofsdecompresskickoff can race with filesystem unmount, causing a use-after-free on sbi-syncdecompress. When I/O completes, zerofsendio calls zerofsdecompresskickoff to queue...
Linux Distros Unpatched Vulnerability : CVE-2026-53015
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: unify lcn as u64 for 32-bit platforms As sashiko reported 1, lcn was typed as unsigned long or unsigned int sometimes, which is only 32 bits wide on 32-b...
PT-2026-52367
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the erofs component. The z erofs decompress kickoff function can race with the filesystem unmount process, leading to a use-after-free on sbi-sync...
EUVD-2026-38883
In the Linux kernel, the following vulnerability has been resolved: erofs: unify lcn as u64 for 32-bit platforms As sashiko reported 1, lcn was typed as unsigned long or unsigned int sometimes, which is only 32 bits wide on 32-bit platforms, which causes lcn lclusterbits to be truncated at 4 GiB...
CVE-2026-53015
In the Linux kernel, the following vulnerability has been resolved: erofs: unify lcn as u64 for 32-bit platforms As sashiko reported 1, lcn was typed as unsigned long or unsigned int sometimes, which is only 32 bits wide on 32-bit platforms, which causes lcn lclusterbits to be truncated at 4 GiB...
CVE-2026-53015
The CVE-2026-53015 issue concerns the Linux kernel‑erofs filesystem where the lcn variable was 32‑bit on 32‑bit platforms, risking truncation when calculating large offsets (lcn <
CVE-2026-53015 erofs: unify lcn as u64 for 32-bit platforms
In the Linux kernel, the following vulnerability has been resolved: erofs: unify lcn as u64 for 32-bit platforms As sashiko reported 1, lcn was typed as unsigned long or unsigned int sometimes, which is only 32 bits wide on 32-bit platforms, which causes lcn lclusterbits to be truncated at 4 GiB...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: erofs: fixed the UAF issue for file-backed mounts with the directio option 9.269940 T3222 Call trace: 9.269948 T3222 ext4filereadIter+0xac/0x108 9.269979 T3222 vfsiocbiterread+0xac/0x198 9.269993 T3222...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: erofs: Proper handling of the end of the filesystem is required for file-backed mounts. I/O requests that extend beyond the end of the filesystem should be set to zero, similar to the behavior of loopback devices. This is what we...
PT-2026-51909
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the erofs component where the lcn variable was typed as unsigned long or unsigned int. On 32-bit platforms, this variable is only 32 bits wide, leading to the truncati...
RLSA-2026:25191 Critical: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel: Linux kernel: Denial of Service in erofs filesystem CVE-2026-31467 kernel: can: raw: fix...
kernel security update
An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...